Name |
Description |
CVE |
| Open Recursive DNS Server |
Typically, DNS servers only provide recursive DNS services to machines within a trusted domain. A server with this vulnerability is providing
recursive DNS service to any host on the Internet. Restricting recursion and disabling the ability to send additional delegation information can help
prevent DNS-based DoS attacks and cache poisoning. It can also improve performance on your network by reducing the vulnerability of your DNS servers
to use as a reflector in such an attack. Fix:See The Continuing Denial
of Service Threat Posed by DNS Recursion for more information. |
|
| CGI - AnyForm2 |
The file /cgi-bin/AnyForm2 can be used by an attacker to email your web server's password file back to the attacker. Fix:If you do not use the AnyForm2 CGI script it is recommended that you remove it or upgrade to the latest version. |
CVE-1999-0066
|
| CGI - Count |
The file /cgi-bin/Count.cgi contains two buffer overflows which allow a remote attacker to execute commands on your web server. Fix:If you do not use the Count.cgi it is recommended that you remove it or upgrade to the latest version. |
CVE-1999-0021
|
| CGI - Faxsurvey |
The file /cgi-bin/faxsurvey can be used by an attacker to view files on your system and also possibly spawn a shell remotely. Fix:If you do not use the Faxsurvey cgi script it is recommended that you remove it or upgrade to the latest version. |
CVE-1999-0262
|
| CGI - JJ |
The file /cgi-bin/jj can be used by an attacker to view files on your system and also possibly spawn a shell remotely. Fix:If you do not use the JJ CGI script it is recommended that you remove it. |
CVE-1999-0260
|
| CGI - Man.sh file viewing and command execution vulnerability |
The file /cgi-bin/man.sh can be used by an attacker to view files on your system and possibility also exists to execute commands remotely. Fix:Remove /cgi-bin/man.sh. |
CVE-1999-1179
|
| CGI - Phf |
The file /cgi-bin/phf can be used to remotely view any file your web server has permissions to view. Fix:If you do not use the phf CGI script it is recommended that you remove it. |
CVE-1999-0067
|
| CGI - Test-Cgi |
The file /cgi-bin/test-cgi allows a remote attacker to list files on your web server. This information could be used to determine what type of software you have installed and might possibly be vulnerable to attack. Fix:Remove the /cgi-bin/test-cgi file from your web server. |
CVE-1999-0070
|
| CGI - Textcounter |
The file /cgi-bin/textcounter.pl can be used by an attacker to execute commands on your server with the same rights as the http daemon. Fix:If you do not use the Textcounter cgi script it is recommended that you remove it or upgrade to the latest version. |
|
| CGI - Uploader.exe |
The file /cgi-win/uploader.exe can be used by a remote attacker to upload files to your web server and in some cases replace your web page. Fix:Remove /cgi-win/uploader.exe as it is a sample file. |
CVE-2000-0769
|
| CGI - Webdist |
The file /cgi-bin/webdist.cgi can be used by an attacker to view files on your system and also possibly spawn a shell remotely. Fix:If you do not use the Webdist cgi script it is recommended that you remove it or upgrade to the latest version. |
CVE-1999-0039
|
| Anonymous Write |
Giving an anonymous user the ability to write to your disk is not recommended as it can lead to the compromise of your system. Fix:Follow your FTP server instructions on how to disable anonymous write access. |
|
| Serv-U FTP-Server 2.5 Remote Exploit |
Serv-U FTP-Server versions prior to 2.5i are vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine. Fix:Update to the latest version of Serv-U. |
CVE-2001-0054
|
| War FTPD 1.65 Remote Exploit |
War FTPD 1.65 is vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine. Fix:Update to the latest version of WarFTPd. |
CVE-2000-0131
|
| Windows 95/NT WarFTPd 1.67b2 and 1.70 Remote Exploit |
Windows 95/NT WarFTPd versions 1.67b2 and 1.70 are vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine. Fix:Update to the latest version of WarFTPd. |
CVE-2000-0044
|
| WFTPD Remote Buffer Overflow |
Texas Imperial Software WFTPD versions 3.0 and earlier exhibit a buffer overflow vulnerability through which the remote attacker can crash the server, or possibly cause the execution of arbitrary code in its context, by submitting long MKD and CWD paths. Fix:Upgrade to the most recent version of WFTPD to eliminate this and possibly other security vulnerabilities in the product. |
CVE-1999-0950
|
| WS FTP Server 1.0.2 |
WS_FTP Server 1.0.2 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access. Fix:Upgrade to the current version of WS_FTP Server. |
CVE-1999-0362
|
| CMail 2.4 |
CMail 2.4 is vulnerable to a hole that will allow a remote attacker to execute arbitrary code on the target server. Fix:Upgrade to the most current version of CMail. |
CVE-1999-1521
|
| IMail IMAP login buffer overflow vulnerability |
Ipswitch IMail 5.0 and earlier contains a buffer overflow vulnerability in its IMAP mail service's login process that can lead to the execution of arbitrary code. By supplying a long user name and/or password, a remote attacker can compromise the server. Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product. |
CVE-1999-1557
|
| IMail LDAP Server 5.0 |
IMail LDAP Server 5.0 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access. Fix:Upgrade to the current version of IMail. |
CVE-1999-0385
|
| Mail-Max Version 2.040 Remote Buffer Overflow |
Mail-Max Version 2.040 is vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine. Fix:Upgrade to the latest version of Mail-Max. |
CVE-1999-0404
|
| Mercur IMAP4 Server 3-00-26 |
Mercur IMAP4 Server 3.00.26 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access. Fix:Upgrade to the current version of Mercur. |
CVE-2000-0198
|
| Mercur POP3 Server 3-00-24 |
Mercur POP3 Server 3.00.24 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access. Fix:Upgrade to the current version of Mercur. |
CVE-2000-0198
|
| QPOP 2.2 Remote Buffer Overflow |
QPOP 2.2 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
|
| QPOP 2.1.4-R3 Remote Buffer Overflow |
QPOP 2.1.4-R3 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
|
| QPOP 2.3 Remote Buffer Overflow |
QPOP 2.3 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
|
| QPOP 2.4 Remote Buffer Overflow |
QPOP 2.4 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
CVE-1999-0006
|
| QPOP 2.41beta1 Remote Buffer Overflow |
QPOP 2.41beta1 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
|
| Sendmail 5.5 |
Sendmail version 5.5 contains a hole that allows an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-1999-0095
|
| Sendmail 5.61 |
Sendmail version 5.61 contains a hole that allows an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
|
| Sendmail 5.65 |
Sendmail version 5.65 contains several backdoors that allow an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
|
| Sendmail 5.65c |
Sendmail version 5.65c contains a bug could allow an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
|
| Sendmail 8.6.9 ident execute attack |
Sendmail version 8.6.9 contains a hole that allows an attacker to remotely execute commands at root level through ident functionality. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-1999-0204
|
| Sendmail Daemon Mode Vulnerability |
A vulnerability in Sendmail 8.7.x through 8.8.2 allows local non-root users to run sendmail as root. By carefully configuring the environment a user can execute commands as root using this flaw. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrading to the most recent version of Sendmail will eliminate this and other flaws found in the past. |
CVE-1999-0130
|
| Sendmail 8.8.x HELO Buffer Overflow |
A buffer overflow in Sendmail 8.8.x occurs when handling large arguments to the SMTP HELO command. This vulnerability can be exploited to spoof email and possibly execute code on the remote system with a high degree of privilege. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-1999-0098
|
| Sendmail 8.9.2 DoS |
Sendmail versions 8.8.8 through 8.9.2 contain several bugs that could allow an attacker to launch a DoS (Denial of Service) attack. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-1999-0393
|
| SLMail 3.1 RAS File Access |
SLMail 3.1 and 3.2 contain multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access. Fix:Upgrade to the current version of SLMail. |
CVE-1999-0380
|
| SMTP Relaying |
SMTP Relaying allows a remote user to use your server to send email. This can lead to your server being used by spammers or attackers who wish to fake email from your domain. Fix:Follow your SMTP server's manual on how to disable SMTP relaying. If no instructions are provided contact your SMTP server's vendor. |
CVE-1999-0512
|
| Null Session |
A Null Session occurs when an attacker sends a blank username and blank password to try to connect to the IPC$ (Inter Process Communication) pipe. By creating a null session to IPC$ an attacker is then able to gain a list of user names, shares, and other potentially sensitive information. Note: If you have run this Retina scan with Administrator level access to your network then you will always be able to create a null session and therefore this is a false positive and not a vulnerability. Fix:Important: Make sure to test the following configuration changes carefully before deployment to production systems, especially on domain controllers and in other environments where anonymous access may be in legitimate use. Open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key, then perform the following steps appropriate to the system's version of Windows. On Windows NT 4.0:
Create or modify the RestrictAnonymous registry value (type REG_DWORD) to contain a value of 1. Note that a reboot will be required in order for this change to take effect. This vulnerability cannot be fully mitigated on Windows NT 4.0, as only user and share enumeration will be prevented with this setting. Further null session restriction is possible starting with Windows 2000.On Windows 2000: Create or modify the RestrictAnonymous registry value (type REG_DWORD) to contain a value of 2. This setting will take effect immediately, although existing null sessions will not be affected.A value of 2 will not allow a null session to be established.On Windows XP and Windows Server 2003: Create or modify the RestrictAnonymous registry value (type REG_DWORD) to contain a value of 1. Create or modify the RestrictAnonymousSAM registry value (type REG_DWORD) to contain a value of 1. Create or modify the EveryoneIncludesAnonymous registry value (type REG_DWORD) to contain a value of 0. A reboot will be required in order for these changes to take effect. |
CVE-2000-1200
|
| Anonymous Registry |
Remote access to the server's registry was granted. This is a very serious vulnerability. This can lead to an attacker remotely compromising your machine. Fix:Set the security permissions on HKEY_LOCAL_MACHINE\system\CurrentcontrolSet\Control\SecurePipeServers Key: winreg so that only administrators have access. |
CVE-1999-0562
|
| NetBus backdoor |
A backdoor is a program an attacker can place on a machine to gain access to resources at a later date. Fix:If NetBus is not authorized then it is recommended that you remove it. Locate and delete the following registry key: Hive: HKEY_LOCAL_MACHINE Path: Software\Microsoft\Windows\CurrentVersion\Run Key: SysEdit Reboot your computer. Do a file search for sysedit.exe and keyhook.dll and delete them. |
CVE-1999-0660
|
| Outdated SSH |
You are running a version of SSHd that is outdated. A number of cryptographic weaknesses exist in SSH protocol versions prior to 1.3, and most implementations contain additional serious security vulnerabilities. Fix:Upgrade to the latest version of the SSH service. |
|
| Open NFS Share |
It is recommended that you close this NFS mount. An attacker could probably mount and read files on this partition. You can close this mount by limiting the systems that can connect to it or removing it completely. Fix:Follow your NFS server instructions on how to remove or restrict an NFS Share. |
CVE-1999-0554
|
| IMail IMonitor buffer overflow vulnerability |
Ipswitch IMail 5.0 and earlier exhibits a buffer overflow in its IMonitor service (typically port 8181) through which a remote attacker can crash the server or cause it to execute malicious code by sending a long string of 2045 or more characters. Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product. |
CVE-1999-1046
|
| IMail web service buffer overflow vulnerability |
Ipswitch IMail 5.0 and earlier is susceptible to a buffer overflow in its web service (typically port 8383) that a remote attacker can exploit to cause the execution of arbitrary code on the host. Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product. |
CVE-1999-1551
|
| Mercur Control Service 3.00.21 |
Mercur Control Service 3.00.21 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access. Fix:Upgrade to the current version of Mercur. |
CVE-2000-0198
|
| Cold Fusion - Display Open File |
The example Cold fusion file, displayopenedfile.cfm, can be used by a remote attacker to upload files to your web server. If a remote attacker was to upload a Cold Fusion page they could possibly browse directories on the server as well as upload, download and delete files. Fix:It is recommended to remove all sample Cold Fusion files from your web server. Refer to the Allaire Security Bulletin link below. |
CVE-1999-0477
|
| Cold Fusion - ExprCalc |
The example Cold fusion file, exprcalc.cfm, can be used by a remote attacker to view files on your web server therefore possibly leading to your server being compromised. Fix:It is recommended to remove all sample Cold Fusion files from your web server. Refer to the Allaire Security Bulletin link below. |
CVE-1999-0455
|
| Cold Fusion - Open File |
The example Cold fusion file, openfile.cfm, can be used by a remote attacker to upload files to your web server. If a remote attacker was to upload a Cold Fusion page they could possibly browse directories on the server as well as upload, download and delete files. Fix:It is recommended to remove all sample Cold Fusion files from your web server. Refer to the Allaire Security Bulletin link below. |
CVE-1999-0477
|
| FrontPage Password File - Authors.pwd |
The authors.pwd file contains the FrontPage user names and encrypted passwords. A remote attacker can download this password file and run it through a password-cracking program. Once they have cracked a valid login they can then proceed to gain remote access to your system. Fix:Upgrade to the latest version of FrontPage. |
|
| FrontPage Password File - Service.pwd |
The service.pwd file contains the FrontPage user names and encrypted passwords. A remote attacker can download this password file and run it through a password-cracking program. Once they have cracked a valid login they can then proceed to gain remote access to your system. Fix:Upgrade to the latest version of FrontPage. |
|
| FrontPage Password File - Users.pwd |
The users.pwd file contains the FrontPage user names and encrypted passwords. A remote attacker can download this password file and run it through a password-cracking program. Once they have cracked a valid login they can then proceed to gain remote access to your system. Fix:Upgrade to the latest version of FrontPage. |
|
| Malformed HTR Request - NT4 |
A vulnerability in IIS involves an unchecked buffer in the filter DLLs for the following file types: .HTR, .STM and .IDC files. The .htr, .STM and .IDC extensions are used by ISAPI filters so an attacker can therefore overflow those ISAPI filters and remotely execute code as SYSTEM. Fix:Install the Microsoft supplied fix. |
CVE-1999-0874
|
| MSADC - ShowCode |
The file /msadc/Samples/SELECTOR/showcode.asp can be used by an attacker to remotely view any file on your web server. Fix:It is recommended that you remove the folders C:\Program Files\Common Files\System\msadc\Samples and Samples11. |
CVE-1999-0736
|
| Sambar Web Server batch CGI vulnerability |
Sambar Technologies Sambar Web Server 4.2 beta 7 and earlier is vulnerable to arbitrary command execution through the use of shell metacharacters in parameters to batch files in the cgi-bin directory, such as the default hello.bat and echo.bat files. Fix:Remove the hello.bat and echo.bat batch files from the cgi-bin directory, and prevent users from uploading to the location as well. |
CVE-2000-0213
|
| CGI - ColdFusion Default application evaluation vulnerability |
This Cold Fusion script allows an attacker to evaluate chunks of CF code, perhaps even allowing a DoS Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations. |
CVE-1999-0923
|
| CGI - ColdFusion Example application content add |
This Cold Fusion sample application may allow an attacker the ability to create custom Cold Fusion scripts on the server. Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations. |
|
| CGI - ColdFusion Example application |
This example application may allow an attacker access to the ColdFusion server. Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations. |
CVE-2000-0189
|
| CGI - ColdFusion Example application 2 |
This application may allow an attacker access to the ColdFusion Server. Note: this audit may produce a false positive result when scanning web servers running BlueDragon. Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations. |
CVE-2000-0189
|
| IIS Sample application - JET prob |
Due to a problem in the JET database driver, this file could allow an attacker the ability to run arbitrary commands on your web server Fix:Remove all sample application and upgrade your JET database engine to at least version 4.0 |
|
| IIS sample application - details |
This file may allow an attacker access to your server via a JET database issue Fix:Upgrade your MSADC components and remove ALL sample applications from production web servers |
|
| IIS sample application - ctguestb |
The IIS sample applications contain numerous vulnerabilities Fix:Remove all sample applications installed on your web server |
|
| NEWDSN Vulnerability |
The NEWDSN.exe program can be used to create files on an affected server Fix:Remove access to the /SCRIPTS/TOOLS directory on a production server. |
CVE-1999-0191
|
| IIS 3.0/4.0 MDAC RDS Remote Command Execution (MS99-025) |
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.0 and 4.0 exposes unsafe methods, which can be exploited by remote attackers to execute arbitrary commands with SYSTEM level privileges. MDAC 1.5 and 2.0 are affected by this vulnerability. MDAC 2.1 is only affected when installed as an upgrade from a previous version. (Note: This audit checks for the existence of the vulnerable component by querying the target HTTP server and could potentially produce false positives on patched systems.) Fix:Remove the /msadc directory and IIS virtual mapping and install MDAC 2.1 SP2 or newer. Note: This audit checks for the existence of the vulnerable component by querying the target HTTP server and could potentially produce false positives on patched systems. |
CVE-1999-1011
|
| ORA Website sample Buffer overflow vuln |
There is a buffer overflow in this sample application. Fix:Remove win-c-sample.exe from your site. |
CVE-1999-0178
|
| Perl Execute Vulnerability -scripts |
Perl has been found in the /scripts directory. An attacker can use this to execute specific perl code to compromise the server. Fix:Remove perl from the web directory. Place it in a common path outside the web root. |
CVE-1999-0509
|
| Perl Execute Vulnerability -cgibin |
Perl has been found in the /cgi-bin directory. An attacker can use this to execute specific perl code to compromise the server. Fix:Remove perl from the web directory. Place it in a common path outside the web root. |
CVE-1999-0509
|
| rsh service |
The rsh service is running on the scanned system on port 514. The rsh service is vulnerable to IP spoofing attacks and may allow an attacker the ability to execute commands on your server if they can spoof a trusted host. Note: the syslog daemon also runs on port 514, and so this audit may produce a false positive result for this reason. Fix:We recommend disabling this service and migrating to a more secure alternative such as SSH. To disable the rsh service simply comment out it's entry in the inetd.conf file in the /etc directory. After commenting out the entry, restart the inetd service to ensure the rsh service has been disabled. |
CVE-1999-0651
|
| rlogin service |
This service is vulnerable to IP spoofing attacks and may allow an attacker the ability to execute commands on your server if they can spoof a trusted host. Fix:We recommend disabling this service and migrating to a more secure alternative such as SSH. To disable the rlogin service simply comment out it's entry in the inetd.conf file in the /etc directory. After commenting out the entry, restart the inetd service to ensure the rlogin service has been disabled. |
CVE-1999-0651
|
| Sendmail 8.7.5 and lower resource depletion |
There is a resource depletion vulnerability in sendmail versions prior to 8.7.6. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-1999-0131
|
| Sendmail ETRN DoS |
This version of Sendmail has a bug that may allow a remote user to cause the server to use large amounts of resources by sending many ETRN commands to it resulting in a Denial of Service condition. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-1999-1109
|
| Sendmail maillocal vulnerability |
This version of Sendmail has a bug that allows a remote or local user to use a bug in the shipped mail.local to freeze sendmail delivery or corrupt mailboxes. The problem exists in the LMTP handling of mail.local and requires that mail.local be used as the default local mail delivery agent Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail. |
CVE-2000-0319
|
| SLMail 3.0 MAIL FROM buffer overflow |
A buffer overflow in SLMail versions 3.0.2421 and earlier can be exploited by supplying a carefully crafted argument to the "MAIL FROM:" SMTP command. This vulnerability can be exploited remotely to gain SYSTEM access on any vulnerable mail server running SLMail. Fix:Upgrade to the most recent version of SLMail to eliminate this and other vulnerabilities previously discovered in SLMail. |
CVE-1999-0102
|
| CMail 2.4.7 Web Interface Buffer Overflow |
CMail 2.4.7 is vulnerable to a hole that will allow a remote attacker to execute arbitrary code on the target server. Fix:Upgrade to the current version of CMail. |
CVE-2000-0557
|
| IMail POP3 buffer overflow vulnerability |
Ipswitch IMail 5.07 and earlier are susceptible to a buffer overflow in the POP3 mail service that can be actuated by sending a user name between 200 and 500 characters. A remote attacker can exploit this vulnerability to cause malicious code execution. Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product. |
|
| AnalogX SimpleServer:WWW Get overflow |
A buffer overflow exists in the AnalogX SimpleServer:WWW version 1.01. This overflow could allow an attacker to run commands with the UID of the web server. Fix:Upgrade to the most current version of SimpleServer:WWW. |
CVE-2000-0011
|
| aVirt Mail Server Directory Creation Vulnerability |
This version of aVirt Mail Server contains a remotely exploitable problem with handling paths in the RCPT TO field. Fix:Upgrade to the current version of aVirt Mail Server. |
|
| aVirt POP Server Buffer Overflow Vulnerability |
This version of aVirt Mail Server contains a remotely exploitable buffer overflow in the RCPT TO field. Fix:Upgrade to the current version of aVirt Mail Server. |
|
| RPC rexd non root command execute |
The rexd RPC service has been known to contain holes that would allow a remote attacker the ability to run code as a non root on the remote server due to a programming error. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed. Fix:Upgrade to the current version of cmsd from your vendor, or if this service is unnecessary, remove it following your vendor's directions. |
CVE-1999-0627
|
| RPC sadmind overflow |
The sadmind RPC service has been known to contain holes that would allow a remote attacker the ability to run code as root on the remote server due to an unchecked buffer condition. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed. Fix:Upgrade to the current version of cmsd from your vendor, or if this service is unnecessary, remove it following your vendor's directions. |
|
| SGI Infosrch.cgi vuln |
The /cgi-bin/infosrch.cgi script allows an attacker to execute commands through passing shell meta characters. The commands execute at the privilege level of the web server. Fix:SGI recommends removing non root execute privileged for this program, or removing the program if it is not used. |
CVE-2000-0207
|
| ORA Website uploader attack |
The /cgi-win/uploader.exe file could allow an attacker the ability to send a file to your cgi-win directory and execute it. Fix:Remove uploader.exe from your site, or upgrade to at least version 2.0 of WebSite |
CVE-1999-0177
|
| CGI - Extropia Guestbook vuln |
The file /cgi-bin/guestbook.cgi can be used by an attacker to remotely upload and execute code if Server side includes are enabled. This vulnerability is against extropia/Serena Sol's guestbook.cgi, and requires SSI to be on. Fix:Remove SSI or upgrade to a newer version of the script from the extropia website. |
CVE-1999-0237
|
| CGI - Excite Search |
The file /cgi-bin/search.cgi installed by the Exite for web services 1.1 can be used by an attacker to execute commands on the remote host by providing a specific search term. Fix:Upgrade to the latest Excite Search engine, available from Excite. |
CVE-1999-0279
|
| CGI - w3-msql multiple overflow vuln |
The file /cgi-bin/w3-msql installed by mini-SQL as a web interface for MSQL contains numerous buffer overflows, allowing an attacker the ability to execute code in the web server context. Fix:It is recommended that you do not use this cgi program, and look for this functionality in a better supported system. |
CVE-2000-0012
|
| Sendmail Invalid MAIL/RCPT Vulnerability |
Sendmail versions prior to 8.6.12 contain bugs could allow a remote user to execute commands as root via parsing failures that exist in message header handling. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrade to the current version of Sendmail to eliminate this and other vulnerabilities discovered in the past. |
CVE-1999-0203
|
| Sendmail 8.8.1 MIME remote root overflow |
Sendmail versions 8.8.0 and 8.8.1 are vulnerable to a buffer overflow in the MIME processing code. This vulnerability can exploited to gain remote root access to a vulnerable machine. This vulnerability is unrelated to CVE-1999-0047. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrading to the most recent version of Sendmail will eliminate this and other flaws discovered in the past. |
CVE-1999-0206
|
| Zope DHTML Editing Attack |
Zope 2.2.0 through 2.2.4 all contain a bug that could allow an attacker to register a new Zope object with DHTML entities. This new object could be used to attack the server by executing code. Fix:Upgrade to the current version of Zope. |
CVE-2000-0062
|
| Zope Role Access Attack |
Zope 2.2.0 through 2.2.4 all contain a bug that could allow a local attacker to create a hostile operating environment for Zope that could be used to elevate the user's privileges. Fix:Upgrade to the current version of Zope. |
|
| QPOP pop_msg remote overflow |
QPOP 3.0 and 3.0b20 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
CVE-1999-0822
|
| QPOP LIST remote buffer overflow |
QPOP 3.0 and 3.0 beta releases below beta 30 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
CVE-2000-0096
|
| QPOP fgets remote buffer overflow |
QPOP 3.0 and 2.53 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
CVE-2000-0320
|
| QPOP EUIDL remote overflow |
QPOP 2.52 and 2.53 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine. Fix:Upgrade to the latest version of QPOP. |
CVE-2000-0442
|
| Serv-U FTP-Server SITE PASS DoS |
Serv-U FTP-Server version v2.5a is vulnerable to a bug in handling long SITE PASS command arguments that can be exploited to crash the Serv-U process on the remote machine. Fix:Update to the latest version of Serv-U. |
CVE-1999-0838
|
| Serv-U FTP-Server Brute Force Vulnerability |
Serv-U FTP-Server versions v2.5.X are vulnerable to a bug that allows unrestricted brute forcing of usernames and passwords. Fix:Update to the latest version of Serv-U. |
CVE-2000-1033
|
| OmniHTTPd statsconfig.pl command execution |
Omnicron Technology Corporation OmniHTTPd 2.07 and earlier exhibits a command injection vulnerability in the included statsconfig.pl script that could allow the web server to be compromised. Fix:Upgrade to the most current version of OmniHTTPd to eliminate this and possibly other security vulnerabilities in the product. |
CVE-2001-0113
|
| CGI - register.cgi - Ikonboard |
Ikonboard 2.1.7b contains a vulnerability in its register.cgi (/cgi-bin/register.cgi) script. Poor input checking could allow a remote attacker to execute commands in the privilege context of the web server. Fix:Upgrade to the latest version of Ikonboard, or remove it if it is not in use. |
|
| CGI - simplestguest.cgi - Tammies Husband |
simplestguest.cgi version 2 from Tammie's Husband (/cgi-bin/simplestguest.cgi) contains a vulnerability in handling user input. This script allows a remote attacker to execute commands on the remote system in the privilege context of the web server. Fix:Upgrade to the latest version of simplestguest.cgi, or remove it if it is not in use. |
CVE-2001-0022
|
| CGI - simplestmail.cgi - Tammies Husband |
simplestmail.cgi from Tammie's Husband (/cgi-bin/simplestmail.cgi) contains a vulnerability in handling user input. This script allows a remote attacker to execute commands on the remote system in the privilege context of the web server. Fix:Upgrade to the latest version of simplestmail.cgi, or remove it if it is not in use. |
CVE-2001-0024
|
| Lotus Domino SMTP 5.04 buffer overflow |
A buffer overflow has been found in Lotus Domino Release 5.0 through 5.0.4. Using this vulnerability a remote attacker can gain a high degree of access. Fix:Upgrading to Lotus Domino Release 5.0.5 will correct this problem. |
CVE-2000-1047
|
| NCSA 1.3 overflow |
A vulnerability exists in NCSA version 1.3 and earlier that allows remote attackers to achieve root privileges due to a buffer overflow. Fix:Upgrade NCSA to a more recent version to correct this and various other vulnerabilities found since then. |
CVE-1999-0267
|
| Enterprise 3.6p2 accept overflow |
A buffer overflow exists in the mechanism that handles the parsing of the "Accept" HTTP header. This vulnerability allows a remote attacker to gain a high degree of access to the system running Netscape Enterprise 3.6sp2. Fix:Upgrading to Netscape Enterprise SP3 will correct this problem. |
CVE-1999-0751
|
| thttpd if-modified-since overflow |
A buffer overflow was discovered in thttpd version 2.04 that would permit any remote attacker to gain access to the machine that thttpd is installed on. Earlier versions are most likely affected also. Fix:Upgrading to the most recent version of thttpd will correct this problem. |
CVE-2000-0359
|
| WebReflex 1.55 GET overflow |
A buffer overflow vulnerability exists in WebReflex 1.55. Sending a request to the server with a very large filename will trigger a buffer overflow, causing the server to crash. Fix:We are unaware of any current solution to this problem. As the vendor appears to no longer support this application you should either discontinue use or replace it with a supported application. |
CVE-2001-0298
|
| BFTPD SITE CHOWN buffer overflow vulnerability |
Max-Wilhelm Bruker BFTPD 1.0.13 and earlier is prone to a buffer overflow when handling a SITE CHOWN command with a long user/group parameter. A remote attacker could exploit this vulnerability to execute code on the host machine in the server context. Fix:Upgrade to the most current version of BFTPD to eliminate this and possibly other security vulnerabilities in the software. |
|
| Solaris ftpd glob heap overflow |
The Solaris ftp daemon contains a heap-based buffer overflow condition. The problem exists when handling directory alias related characters such as '~', which refers to a user's home directory. Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative. |
CVE-2001-0249
|
| Solaris in.ftp core dump passwords problem |
A remote attacker can cause the Solaris ftp server to crash during authentication, leaving a core dump file in the root directory containing encrypted password entries from the /etc/shadow file. Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative. |
CVE-2001-0421
|
| IMAP - University of WA 12.264 overflow |
Vulnerabilities have been found in the COPY, LSUB, RENAME and FIND commands that could allow any attacker with a valid username/password combination to gain command shell access to the server where IMAPD is answering requests. Fix:Upgrading to the latest version of IMAP will correct this as well as other vulnerabilities found in IMAP. |
CVE-2000-0284
|
| IMAPD authenticate overflow |
A vulnerability discovered in University of Washington's IMAP Server 10.234 allows any attacker remote root access to any system where 10.234 or below is installed. The problem lies with incorrect bounds checking of a buffer passed in during authentication. Fix:Upgrading to the latest version will correct this and various other security flaws. |
CVE-1999-0005
|
| RPC fam buffer overflow |
Several buffer overflows have been found in the fam service that could allow a remote root compromise. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed. Fix:We recommend disabling this service if you are not currently using it. |
CVE-1999-0059
|
| RPC rpc.nisd service |
The rpc.nisd service is running. Several versions of the NIS (Yellow Pages) service contain various buffer overflow vulnerabilities that arise when the nisd service attempts to interpret large NIS arguments over an RPC based connection. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed. Fix:We recommend moving to a more secure alternative due to the number of security holes found in NIS implementations in the past. If you would like to keep this NIS server in operation, we recommend verifying that you have the most current version available for this operating system and that all appropriate patches are installed. |
CVE-1999-0008
|
| RPC selection session sniffing |
A vulnerability exists in the SunView selection service that allows a remote attacker to remotely sniff data related to SunView sessions. Fix:We recommend you disable this service if you are not currently using it. |
|
| IIS 5.0 IPP ISAPI Host overflow |
Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approximately 420 bytes in the 'Host:' field will allow the execution of arbitrary code on unpatched Windows 2000 IIS 5.0 web servers. Fix:A patch is available from Microsoft to fix this vulnerability. We also recommend removing the .printer ISAPI filter if it is not needed. |
CVE-2001-0241
|
| IIS5 Translate Source Disclosure |
An attacker can view the source code of your ASP files by sending a carefully crafted URL containing the Translate: header field. This can lead to an attacker learning about passwords and various other data that can lead to total system compromise. Fix:Microsoft has released a patch for this problem. |
CVE-2000-0778
|
| wu-ftpd V.2.4.2b18 long path overflow |
Wu-ftpd version wu-2.4.2-academ[BETA-18-VR9] and earlier contains a buffer overflow that could allow an attacker to remotely gain root access. The problem lies in wu-ftpd's handling of very long pathnames. Fix:Upgrade to the current version of wu-ftpd Server. |
CVE-1999-0368
|
| wu-ftpd v2.5.0 mapped_path overflow |
Wu-ftpd version 2.5.0 and earlier contains a buffer overflow that could allow an attacker to remotely gain root access. The vulnerability exists in the handling of the mapped_path variable and CWD. Fix:Upgrade to the current version of wu-ftpd Server. |
CVE-1999-0878
|
| wu-ftpd message file variable buffer overflow |
wu-ftpd versions prior to 2.6.0 are susceptible to a buffer overflow during the expansion of macro variables in a message file that may allow a remote attacker with an FTP account to cause the execution of arbitrary code on the host. Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software, or as a temporary partial workaround, remove macros from the message files. |
CVE-1999-0879
|
| wu-ftpd v2.5.0 SITE NEWER DoS |
A vulnerability exists in wu-ftpd 2.5.0 and earlier that allows a remote attacker to initiate a denial of service attack against the remote server running wu-ftpd. After being attacked, wu-ftpd will consume a very large amount of the system's memory. Fix:Upgrading to the latest version of wuftpd will correct this and other serious security vulnerabilities found in WU-FTPD 2.5.0. |
CVE-1999-0880
|
| wu-ftpd v2.6.0 conversion |
A vulnerability was found in wu-ftpd 2.6.0 and earlier that allows a remote attacker to gain root access to any wu-ftpd server that offers the conversion service. The attack works by uploading filenames with dashes that appear to be tar archives. Fix:Upgrading to the most recent version of wu-ftpd will correct this and other serious security vulnerabilities that have been found in 2.6.0. |
CVE-1999-0997
|
| wu-ftpd v2.6.0 SITE EXEC format |
Wu-ftpd version wu-2.6.0 and earlier contains a format string conversion vulnerability in its handling of SITE EXEC. An attacker can exploit this to gain remote root access. Fix:Upgrading to the most recent version of WU-FTPD will correct this problem. |
CVE-2000-0573
|
| CGI - A1Stats multiple vulnerabilities |
Vulnerabilities in A1-Statistics allow remote attackers to view sensitive files on your web server's filesystem and remotely execute commands with the privilege level of your web server. Fix:Upgrading to the most recent version will eliminate this problem. |
|
| CGI - Aspseek multiple buffer overflows |
Multiple buffer overflows have been found in s.cgi, a CGI included with ASPSEEK. These can be exploited to gain remote access to your server. Fix:Upgrading to the most recent version of ASPSEEK will eliminate these security issues. |
|
| CGI - Cyberscheduler buffer overflow |
A buffer overflow vulnerability in the handling of the timezone variable can be exploited to remotely execute commands on the vulnerable server. Fix:Upgrading to the most recent version of Cyberscheduler should correct this problem. |
|
| CGI - MAILNEWS 1.3 remote cmd execution |
A vulnerability in MAILNEWS 1.3 can be exploited to execute commands on the remote machine. The problem lies in the handling of the mail recipient's address. Fix:Upgrading to the most recent version of MAILNEWS should correct this problem. |
CVE-2001-0271
|
| Interscan VirusWall 3.3 HELO overflow |
A buffer overflow was discovered in Interscan VirusWall 3.3 SMTP gateway that allows a remote attacker to execute commands on your system with a high level of privilege. The problem exists in the handling of the HELO SMTP command. Fix:Trend Micro has released a patch to fix this security hole. We recommend upgrading to the most recent version of Interscan VirusWall due to other vulnerabilities that have been found in the past. |
CVE-1999-1529
|
| Mercur Mailserver 3.3 EXPN buffer overflow |
A buffer overflow discovered in Mercur Mailserver 3.3 allows remote attackers to gain system level shell access. The overflow occurs in the handling of the EXPN SMTP command. Previous versions are most likely also affected. Fix:Upgrading to the most recent version of Mercur Mailserver should eliminate this problem. |
CVE-2001-0280
|
| WFTPD RETR and CWD buffer overflow vulnerability |
Texas Imperial Software WFTPD 3.0 R4 and earlier are susceptible to a buffer overflow attack in which a long string in conjunction with a RETR or CWD command is sent to the server, causing a crash or possibly the execution of attacker-supplied code. Fix:Upgrade to the most recent version of WFTPD to eliminate this and possibly other security vulnerabilities in the product. |
|
| Interscan VirusWall ISADMIN buffer overflow |
A combination of security holes was discovered in Trend Micro Interscan VirusWall (Linux) 3.0.1 and earlier. The first allows an attacker to gain access to admin programs without authenticating. These programs also contain buffer overflows. Fix:Trend Micro has released an upgrade to Interscan VirusWall 3.6 (Linux). |
CVE-2001-0432
|
| IIS4-5 escape characters decode vulnerability |
Due to a flaw in the handling of CGI filename program requests, it is possible for a remote user to execute arbitrary commands on an Internet Information Server or Personal Web Server host. The problem exists in the decoding of escape characters in the URI of the HTTP request itself. Fix:Microsoft has released a patch to eliminate this flaw. |
CVE-2001-0333
|
| GuildFTPD v0.9.7 Multiple Vulnerabilities |
Two vulnerabilities were discovered in GuildFTPD that can be exploited to download files outside of the FTPROOT and retrieve ftp account passwords. Fix:Check the vendor homepage for possible fix information or a new software version where the vulnerabilities are eliminated. |
|
| SpoonFTP v1.0.0.12 Multiple buffer overflows |
The SpoonFTP server doesn't correctly apply boundary checks on the 'CWD' and 'LIST' commands. An attacker can exploit these vulnerabilities to gain remote access to the vulnerable machine. Fix:The vendor has released an updated version of their software that eliminates these security flaws. |
CVE-2001-0781
|
| WFTPD path/file mapping buffer overflow |
Texas Imperial Software WFTPD 3.0 R5 and earlier is susceptible to a buffer overflow attack brought about by the concatenation of a path and file name with a combined length of approximately 260 or more characters. Fix:Upgrade to the most recent version of WFTPD to eliminate this and possibly other security vulnerabilities in the product. |
CVE-2001-0694
|
| IIS IDA remote system overflow |
This vulnerability allows any malicious attacker to gain remote system level access on unpatched systems. This is the same attack that was used by Code Red, so it is important to patch immediately. Fix:Microsoft has released a hotfix for this vulnerability. |
CVE-2001-0500
|
| MSSQL sa null password |
Default MSSQL installations do not set the sa account password. Remote attackers can log in to the SQL server with administrative privileges. Fix:Password protect the sa account. |
CVE-2000-1209
|
| IMail SMTP "From" field buffer overflow |
Ipswitch IMail 6.06 and earlier is susceptible to a buffer overflow in its SMTP service when a long "From" field is provided in conjunction with the name of an existing mailing list in the "Rcpt To" field, allowing malicious code execution on the host. Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product. |
CVE-2001-0494
|
| Frontpage Extensions VS RAD buffer overflow |
A buffer overflow class vulnerability in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions can be exploited to gain a high degree of remote access to a server running a vulnerable version. Fix:Install the patch recommended in the Microsoft bulletin to eliminate this vulnerability. |
CVE-2001-0341
|
| Bugzilla 2.10 remote command execution |
A component of Bugzilla 2.10 doesn't correctly parse shell metacharacters. A user who can subscribe to archive can submit a malformed name that will execute commands as an unprivileged user. Fix:Upgrading to the most recent version of Bugzilla will eliminate this issue. |
CVE-2001-0330
|
| IBM Net.Commerce 3.0 remote command execution |
A vulnerability in the orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. Fix:Upgrade to the most recent version of IBM Net.Commerce to eliminate these vulnerabilities. |
CVE-2001-0319
|
| wu-ftp 2.6.1 format string when debug set |
A format string class vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. Fix:Upgrading wuftpd to the latest version will eliminate this, and other vulnerabilities discovered in the past. Otherwise, make sure wuftpd is not launched with the -d or -v flags. |
CVE-2001-0187
|
| VShell gateway 1.0.1 format bug |
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. Fix:Upgrading to the most recent version of VShell will eliminate this problem. |
CVE-2001-0155
|
| ProFTPD 1.2.0rc2 shutdown format bug |
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory. Fix:Upgrading to the most recent version of proftpd will eliminate this and other security related problems discovered in the past. |
CVE-2001-0318
|
| Sendmail Version 5 Remote Root Cmd Execution |
A vulnerability in the recipient and sender email address parsing can be exploited to pipe commands to a program on the local system. Attackers can remotely execute commands as root using this vulnerability. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrading to the latest version of Sendmail will eliminate this and other security problems discovered in the past. |
CVE-1999-0203
|
| Berkeley Sendmail v5 DEBUG Vulnerability |
Sendmail's debug mode allows the recipient of an email message to be a program that runs with the privileges of the user id which sendmail is running under. This user is normally root. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner. Fix:Upgrading to the most recent version of sendmail will eliminate this and many other flaws discovered in the past. |
CVE-1999-0095
|
| BIND 8 Transaction Signatures Buffer Overflow |
Due to a bug that is present when handling invalid transaction signatures, it is possible to overwrite some memory locations with a known value. This can be used to gain remote root access on a vulnerable bind server. Fix:ISC recommends upgrading to 9.1.0; however, upgrading to 8.2.3 will also correct this problem. |
CVE-2001-0010
|
| BIND iquery overflow |
BIND 4.9.6 and 8.1.1 fail to properly bound the data received when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host with root privileges. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-1999-0009
|
| BIND Cache Poisoning |
BIND 4.9.4 and 8.1, and also prior versions, contain a vulnerability that can be exploited to corrupt DNS entries in a BIND server's cache, allowing attackers to change DNS entries at will. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-1999-0024
|
| BIND 8.2.1 Buffer overflow in via NXT records |
BIND 8.2 and 8.2.1 contain an error that could allow a remote attacker to run code as root on the remote server. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-1999-0833
|
| BIND 8.2.1 fdmax Denial of Service |
BIND versions up to and including 8.2.1 contain a problem releasing file handles that could allow an attacker to mount a remote denial of service attack on the server. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-1999-0848
|
| BIND 8.2.1 so_linger Denial of Service |
BIND versions up to and including 8.2.1 are vulnerable to a denial of service attack. By intentionally violating the expected protocols for closing a TCP session, remote intruders can cause named to pause for periods up to 120 seconds. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-1999-0837
|
| BIND 8.2.1 maxdname Denial of Service |
BIND 8.2.1 and prior contain a function that improperly handles certain data copied from the network, which could allow a remote intruder to disrupt the normal operation of your name server, possibly including a crash. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-1999-0849
|
| BIND 8 Internal Memory Disclosure Vulnerability |
It is believed that most (if not all) versions of BIND in use contain a vulnerability that may allow an attacker to view named's memory. Fix:ISC recommends upgrading to 9.1.0; however, upgrading to 8.2.3 will also correct this problem. |
CVE-2001-0012
|
| BIND 4 nslookupComplain() Buffer Overflow |
Version 4 of BIND contains a stack overflow that may be exploitable to gain remote root access on the vulnerable bind server. The problem occurs in an error handling function, nslookupComplain. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-2001-0011
|
| BIND 4 nslookupComplain() Format Bug |
Version 4 of BIND contains a format bug that may be exploitable to gain remote root access on the vulnerable bind server. The problem occurs in an error handling function, nslookupComplain. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
CVE-2001-0013
|
| Multiple Vendor DNS Cache corruption |
Intruders who control a nameserver on the global Internet can force your nameserver to look up data from them and then feed it back additional and corrupt records. Fix:Upgrade to the current version of bind from the ISC website or your vendor. |
|
| CGI - ash Interpreter |
The ash interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - bash Interpreter |
The bash interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - ksh Interpreter |
The ksh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - Perl Interpreter |
The Perl interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - rksh Interpreter |
The rksh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - sh Interpreter |
The sh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - tcsh Interpreter |
The tcsh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| CGI - zcsh Interpreter |
The zcsh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands. Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root. |
CVE-1999-0509
|
| Webcart vulnerability |
There exists a vulnerability within Mountain Network Systems Webcart software. The vulnerability allows any remote attacker to execute commands remotely through your web server. Fix:Contact Mountain Network Systems for a patch. |
|
| network_query.php shell execute vulnerability |
The php script network_query.php can be used by attackers in order to remotely execute commands against your web server. Fix:If this script is not being used we suggest removing it. |
|
| Trend Micro OfficeScan Config File Disclosure |
A vulnerability was discovered in Trend Micro OfficeScan Corporate Edition that allows remote attackers to access configuration files containing passwords. Fix:Install vendor supplied patch. |
|
| Authentication Error Allows Mail Relaying |
A vulnerability results because of a flaw in the authentication process used by the service. The vulnerability could allow an unauthorized user to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server. Fix:Install Windows 2000 Security Rollup Package 1 or the latest Service Pack. |
CVE-2001-0504
|
| wu-ftpd File Globbing Vulnerability |
Wu-Ftpd allows for clients to organize files for ftp actions based on file globbing patterns. The implementation of file globbing included in Wu-Ftpd contains a heap corruption vulnerability that may allow for an attacker to gain remote root access. Fix:Contact your vendor or visit their website to obtain a fix or software upgrade to eliminate this vulnerability. |
CVE-2001-0550
|
| Novell Groupwise Servlet Gateway Default Account |
A remote attacker may gain access to the Novell Groupwise Servlet Gateway Servlet Manager interface by entering the default username of "servlet" with a default password of "manager". Fix:Edit the SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES file and change the username and password at: servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager,bgcolor |
CVE-2001-1195
|
| Windows XP UPNP Vulnerabilities |
Multiple vulnerabilities exist within the Windows XP UPNP service. The first vulnerability is a remote buffer overflow vulnerability. The second is a denial of service attack and the third a distributed denial of service attack. Fix:Install the Microsoft security patch as soon as possible. |
CVE-2001-0876
|
| BSCW 4.0.x remote command execution |
Two vulnerabilities were discovered in BSCW that can be exploited to execute commands remotely. Fix:Upgrade to the most current version of BSCW Server to eliminate this and possibly other security vulnerabilities present in the software. |
CVE-2002-0094
|
| Last Lines CGI Remote Command Execution |
Lastlines.cgi does not filter shell metacharacters from web requests. As a result, it is possible for a remote attacker to execute commands on the shell of a host running the vulnerable script. Commands will be executed with the privileges of the webserver process. Fix:eEye is unaware of any fix or upgrade that eliminates this vulnerability. Please check the vendor's website for any updates. |
CVE-2001-1206
|
| Savant 3.0 Webserver Buffer Overflow |
Due to a problem in URL handling in Savant 3.0 and prior, an attacker can gain a high degree of access to the server running Savant. If the attacker is not able to exploit the buffer overflow, he can easily take down the webserver. Fix:eEye is currently unaware of any vendor supplied solution to eliminate this vulnerability. Contact the vendor for an update. |
CVE-2000-0641
|
| BOOZT 0.9.8 CGI buffer overflow |
A buffer overflow vulnerability in the admin.cgi member of the BOOZT suite can be exploited to gain remote access to a web server with the permissions of the web server. Fix:Visit the vendor homepage and install the most recent version to eliminate this security vulnerability. |
CVE-2002-0098
|
| Pi3Web long CGI request buffer overflow |
Pi3.org Pi3Web HTTP server 2.0.0 and earlier contains a buffer overflow vulnerability in its handling of long (260-character) /cgi-bin requests that can be remotely exploited to crash -- or possibly execute code upon -- the web server. Fix:Upgrade to the most current version of Pi3Web to eliminate this and possibly other security vulnerabilities in the software. |
CVE-2002-0142
|
| Web Server 4D/eCommerce 3.5.3 Buffer Overflow |
A buffer overflow vulnerability in Web Server 4D/eCommerce 3.5.3 can be exploited to gain a high degree of remote access. Fix:Upgrade to the most current version of Web Server 4D to eliminate this and possibly other security vulnerabilities in the product. |
CVE-2002-0123
|
| Allegro Embedded Web Server Buffer Overflow |
A vulnerability in certain versions of the Allegro Embedded Web Server can be exploited to execute code. This could permit an attacker to gain access to an internal network, or allow him to monitor traffic using a man in the middle attack. This web server is running on a 3Com cable modem, APC web interface, or other embedded systems. Fix:As a workaround, users can block port 80 traffic by setting up a filter with the modem's firmware. |
CVE-2001-1293
|
| EasyBoard 2000 Remote Buffer Overflow |
A buffer overflow in EasyBoard 2000 involving the handling of the Content-Type request header can be exploited to remotely execute code with the privileges of the web server. Fix:eEye is currently unaware of any vendor supplied solutions to eliminate this problem. We recommend you contact the vendor for an update. |
CVE-2002-0263
|
| PHP Post File Upload Buffer Overflow Vulnerability |
A vulnerability in several older versions of PHP can be exploited by an attacker to execute arbitrary code. This vulnerability exists in the handling of MIME encoded file uploads. Fix:Upgrading to the most recent version of PHP will eliminate this and various other vulnerabilities discovered in the past. |
CVE-2002-0081
|
| IIS Cumulative - ASP Chunked Encoding Variant |
A variant of the chunked-encoding buffer overflow exists in how Microsoft IIS handles chunked-encoded requests to ASP pages. Fix:Install the Microsoft patch. |
CVE-2002-0147
|
| IIS Cumulative - HTTP Header Overflow |
A buffer overflow exists in how Microsoft IIS handles HTTP header data. Attackers can exploit it to execute code remotely on a susceptible web server. Fix:Install the appropriate Microsoft patch. |
CVE-2002-0150
|
| IIS Cumulative - HTR ISAPI extension overflow |
A buffer overflow exists in the Microsoft IIS .htr ISAPI extension. Attackers can potentially exploit it to execute malicious code remotely on the web server. Fix:Install the appropriate Microsoft patch. |
CVE-2002-0071
|
| IIS Cumulative - DoS FTP status request - 2000 |
A denial-of-service vulnerability exists in the Microsoft IIS FTP service: a malformed status request lets attackers crash the FTP server remotely. Fix:Install the appropriate Microsoft patch. |
CVE-2002-0073
|
| Phorum 3.3.2 Remote Command Execution Vulnerability |
Retina has detected that this host is running Phorum. A vulnerability in Phorum 3.3.2 can be exploited to execute commands remotely; the problem lies in the handling of external PHP scripts. Fix:Upgrade to a more recent version of Phorum to eliminate this vulnerability. Phorum 3.3.2b3 and later are not affected. |
CVE-2002-0764
|
| Multiple Vulnerabilities in WebLogic |
BEA WebLogic contains numerous security issues that have been fixed through Service Pack 11. The worst of them allow remote execution of code of the attacker's choice. Fix:Obtain the latest WebLogic service pack. |
|
| Apache chunking integer overflow vulnerability |
An integer overflow in the chunked encoding implementation in Apache web server versions 1.3.24 and earlier, and versions 2.0 through 2.0.36, can be exploited to gain remote access to the vulnerable web server. Fix:The Apache group has released updated versions of Apache on their website that eliminate this vulnerability. |
CVE-2002-0392
|
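The Apache entry above turns on how a chunk size is parsed and bounds-checked. The following is an added example, not Apache's code: a small model of the flawed check (the parsed size held in a signed 32-bit C integer and only tested with `size > bufsiz`, so a hex value with the top bit set goes negative, passes, and is then used as an unsigned copy length) next to a decoder that applies the limit to the numeric value instead. The buffer size, chunk limit and sample bodies are assumptions for illustration.

```python
"""Added example (not Apache code): model of the signed chunk-size check that
CVE-2002-0392 abused, beside a bounds-checked chunked-body decoder."""
import re

# chunk-size line: hex digits, optionally followed by ;extensions
CHUNK_SIZE_LINE = re.compile(rb"^([0-9A-Fa-f]+)(?:;[^\r\n]*)?$")


def as_int32(value: int) -> int:
    """Reinterpret an unsigned value as a 32-bit signed integer (a C `int`)."""
    value &= 0xFFFFFFFF
    return value - 0x1_0000_0000 if value & 0x8000_0000 else value


def vulnerable_size_accepted(chunk_hex: bytes, bufsiz: int) -> bool:
    """Mirror the flawed pattern: the parsed size lands in a signed int and the
    only guard is `size > bufsiz`. 0xFFFFFFF0 becomes -16, passes the guard,
    and is later handed to the copy routine as a huge unsigned length."""
    size = as_int32(int(chunk_hex, 16))
    return not size > bufsiz


def decode_chunked(body: bytes, max_chunk: int = 1 << 20) -> bytes:
    """Decode a chunked transfer-encoded body, rejecting anything outside the
    grammar or larger than max_chunk bytes per chunk. The limit is applied to
    the arbitrary-precision value, so there is no wrap and no sign to abuse."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        m = CHUNK_SIZE_LINE.match(body[pos:eol])
        if not m:
            raise ValueError("malformed chunk-size line")
        size = int(m.group(1), 16)
        if size > max_chunk:
            raise ValueError(f"chunk of {size} bytes exceeds limit {max_chunk}")
        pos = eol + 2
        if size == 0:
            return bytes(out)                 # last-chunk; trailers are ignored here
        data = body[pos:pos + size]
        if len(data) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data truncated or missing CRLF")
        out += data
        pos += size + 2


def is_rejected(body: bytes, max_chunk: int = 1 << 20) -> bool:
    """True when decode_chunked refuses the body."""
    try:
        decode_chunked(body, max_chunk)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # constructed sample bodies
    print(decode_chunked(b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"))
    print(vulnerable_size_accepted(b"FFFFFFF0", 8192))        # flawed check lets it through
    print(is_rejected(b"FFFFFFF0\r\n" + b"A" * 16 + b"\r\n0\r\n\r\n"))  # safe decoder refuses
```

The point of `as_int32` is that the same digits a server parses with `strtol`-style code into a 32-bit signed variable produce a negative value; a comparison written only as `size > bufsiz` therefore never fires for the values an attacker cares about.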
| OpenSSH 3.3 Remote Challenge Integer Overflow |
OpenSSH sshd versions 2.3.1 through 3.3 contain an input validation error in the challenge-response authentication code that can result in an integer overflow and privilege escalation. An attacker can use this vulnerability to gain remote root access to any vulnerable OpenSSH server. Fix:Upgrade to OpenSSH 3.4 or later. |
CVE-2002-0639
|
| OpenSSH 3.3 PAMAuth Integer Overflow |
OpenSSH sshd versions between 1.2.2 and 3.3 contain an input validation error in the PAM keyboard-interactive authentication code that can result in an integer overflow and privilege escalation. Fix:Upgrade to OpenSSH 3.4 or later. |
CVE-2002-0640
|
| BIND 9 chain response vulnerability |
A vulnerability in data chain response handling can be exploited remotely to disable a BIND 9 DNS server; the server stays down until named is manually restarted. Fix:ISC has released BIND 9.2.1, which eliminates this vulnerability. |
CVE-2002-0400
|
| BIND 9 resolver buffer overflow |
A buffer overflow in the DNS resolver library (libbind, and the libc resolvers derived from it) can be exploited by an attacker to gain remote access to any server that uses a vulnerable resolver implementation. The resolver shipped with BIND up to 9.2.1, Sendmail, and most versions of Unix are affected, to name a few. Fix:Contact your operating system vendor for a patch or upgrade. |
CVE-2002-0651
|
| Macromedia JRun Admin Server Authentication Bypass |
JRun is Macromedia's servlet/JSP engine. It installs a web-based administration console on TCP port 8000. Before using the console, users must log in via an HTML form. This form can be bypassed and administrative functions accessed without authentication. Ensure you have the first patch for version 4.0. This check may produce false positives because JRun's responses are uninformative and it runs in many different environments. Fix:Download the cumulative patch for JRun from Macromedia. |
CVE-2002-0665
|
| PHP multipart/form-data Post Buffer Overflow |
PHP contains code for parsing the headers of HTTP POST requests, used to tell apart variables and files sent by the user agent in a multipart/form-data request. This parser has insufficient input checking, leading to the vulnerability. It is exploitable by anyone who can send HTTP POST requests to an affected web server; both local and remote users, even from behind firewalls, may be able to gain privileged access. Fix:The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix for the vulnerability. All users of affected PHP versions are encouraged to upgrade to this latest version. |
|
| Macromedia JRun Host Header Field Buffer Overflow Vulnerability |
The JRun ISAPI filter for .jsp files contains a buffer overflow in its handling of the Host header. It is known to be exploitable on Windows platforms, yielding code execution as SYSTEM. Fix:Upgrade to the most recent version of JRun. |
CVE-2002-0801
|
| SSH CRC-32 Compensation Attack Detector Vulnerability |
Various SSH implementations are vulnerable to a buffer overflow that allows a remote attacker to run arbitrary code. The implementations include code that detects a CRC-32 compensation (packet injection) attack which would otherwise permit command execution; that detection code is itself vulnerable. A malicious user can overflow a 16-bit unsigned integer used to size the detector's hash table, allowing memory at attacker-chosen addresses to be modified. (Note: this audit may generate a false positive when scanning a Cisco appliance.) Fix:Obtain the latest version of your chosen SSH package to eliminate this and other vulnerabilities discovered in the past. |
CVE-2001-0144
|
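The entry above says a 16-bit counter sizes the detector's hash table. This added example, not code from OpenSSH or any other SSH vendor, models that sizing loop as published for deattack.c (HASH_MINSIZE 8192, HASH_ENTRYSIZE 2, SSH_BLOCKSIZE 8, a table that grows by factors of four until it exceeds 1.5 times the packet's block count) with the result stored in a 16-bit unsigned variable, and shows the packet length at which the count wraps to zero so the table is allocated with zero bytes while probe indices still range over the full index space. The `n_bits` parameter is an addition for comparing the 16-bit and fixed 32-bit cases.

```python
"""Added example (not OpenSSH code): model of the hash-table sizing in the
CRC-32 compensation attack detector, with the entry count held in a
16-bit unsigned integer as in the vulnerable versions."""
HASH_MINSIZE = 8192      # bytes reserved for the table initially
HASH_ENTRYSIZE = 2       # bytes per u_int16_t table entry
SSH_BLOCKSIZE = 8        # SSH1 cipher block size


def hash_factor(blocks: int) -> int:
    """HASH_FACTOR(x) = x * 3 / 2 in integer arithmetic."""
    return blocks * 3 // 2


def table_sizing(packet_len: int, n_bits: int = 16) -> tuple:
    """Follow the sizing loop for a packet of packet_len bytes.

    Returns (l, n, alloc_bytes): l is the entry count the loop computes in a
    32-bit variable, n is that count after being stored in an n_bits-wide
    unsigned counter, and alloc_bytes is what reaches the allocator."""
    n = HASH_MINSIZE // HASH_ENTRYSIZE            # 4096 entries to start
    l = n
    while l < hash_factor(packet_len // SSH_BLOCKSIZE):
        l <<= 2                                   # grow by a factor of four
    n = l & ((1 << n_bits) - 1)                   # the truncating store
    return l, n, n * HASH_ENTRYSIZE


def table_too_small(packet_len: int, n_bits: int = 16) -> bool:
    """True when truncation leaves fewer entries than the loop computed, so
    indices masked with (n - 1) can land outside the allocated table."""
    l, n, _ = table_sizing(packet_len, n_bits)
    return n < l


def smallest_wrapping_length(n_bits: int = 16) -> int:
    """Smallest packet length (a multiple of the block size) at which the
    counter wraps. SSH1 allowed packets far larger than this."""
    length = 0
    while not table_too_small(length, n_bits):
        length += SSH_BLOCKSIZE
    return length


if __name__ == "__main__":
    print(table_sizing(1024))                    # (4096, 4096, 8192): ordinary packet
    print(table_sizing(smallest_wrapping_length()))  # (65536, 0, 0): zero-byte table
    print(table_too_small(smallest_wrapping_length(), n_bits=32))  # False once n is 32-bit
```

Widening the counter is the whole fix: with `n_bits=32` the stored count equals the computed one for every length the loop can produce, which is why patched versions changed the type rather than clamping packet sizes.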
| Sendmail DNS Map TXT Overflow |
A remotely exploitable buffer overflow exists in Sendmail versions 8.11 through 8.12.4. It is only reachable if the configuration file has been modified to look up TXT records in DNS (a DNS map). Note: this audit may produce a false positive for Sendmail patches that do not increment the version in the SMTP banner. Fix:Upgrade to the latest version of Sendmail. |
CVE-2002-0906
|
| Multiple Vulnerabilities in Lotus Domino WebServer |
These vulnerabilities range from arbitrary file execution to administrator bypass to denial of service. This check covers vulnerabilities up to Lotus Domino 5.0.10, the last of which is a DoS. Fix:Upgrade to the latest Domino version. |
|
| Multiple Vulnerabilities in Microsoft Exchange 5.5 and 2000 |
There is a wide range of vulnerabilities in Microsoft Exchange 2000 builds before 6.0.5762.3 and Microsoft Exchange 5.5 builds before 5.5.2651.50, including some that allow arbitrary file execution and attacks against users on the network. Fix:Upgrade to the latest version of Exchange Server. |
|
| AIX ftpd Remote Buffer Overflow |
A remote buffer overflow in the AIX ftpd allows remote users to obtain root access. Fix:Apply the patch provided by the vendor (AIX 4.3: APAR IY23674). |
CVE-1999-0789
|
| OpenSSH 3.0 channel code buffer overflow vulnerability |
A vulnerability in the channeling mechanism within versions of OpenSSH from 2.0, prior to 3.1, can be exploited to execute arbitrary code on a server running the OpenSSH daemon, or on a vulnerable client machine if it attempts to authenticate with a malicious server. Fix:Upgrade to the most recent version of OpenSSH to eliminate this and other possible vulnerabilities in prior versions. |
CVE-2002-0083
|
| Microsoft Site Server Information Leakage and Data Modification |
Microsoft Site Server is vulnerable to flaws that may allow attackers to view sensitive information, cause a denial of service, exploit trust relationships through cross-site scripting, and execute arbitrary code. These flaws are caused by insufficient access controls on administrative pages, unsafe use of a default login and password, and improper parsing of user-supplied data in URLs. Remote attackers can use the default login and password to gain access to privileged information, including scripts in the /SiteServer/Admin/ and /_mem_bin/ directories, and may be able to use anonymous login privileges to browse the LDAP server remotely and obtain plaintext passwords of other LDAP accounts. Remote attackers can also cause a denial of service by using the anonymous account to upload very large files to the /Sites/Publishing/Users/ directory, and can upload and execute files through scripts in the /SiteServer/Publishing directory that use the /scripts/cphost.dll object. Fix:Install the latest service pack available from the Microsoft Site Server support site. |
|
| Netware NWFTPD format string vulnerability |
This Novell NetWare FTP server contains a format string vulnerability in its username processing. It can be exploited to gain a high degree of remote access to the vulnerable Novell server. Fix:At the time this audit was created, Novell had not provided a patch or service pack for this vulnerability. Please visit their website for updates. |
CVE-2002-0930
|
| NT IIS Unicode Vulnerability |
Microsoft IIS (Internet Information Services) 4.0 and 5.0 contain a vulnerability in how they parse file requests containing Unicode characters: overlong UTF-8 encodings of '/' and '\' are not recognized by the directory-traversal check but are decoded afterwards, so a request can escape the web root. An attacker can remotely execute commands on a vulnerable server with the privileges of the IUSR_machinename account. This is one of the vulnerabilities the Nimda worm used to propagate. Fix:Install the patch provided by Microsoft. |
CVE-2000-0884
|
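The Unicode entry above describes a traversal check that runs before a permissive decode. The following is an added example, not Microsoft's code or Retina's check: a detector for the pattern in web-server logs that decodes request paths the permissive way (accepting the overlong two-byte forms with lead byte 0xC0 or 0xC1 that strict UTF-8 forbids) and reports requests that only escape the document root after that decode. The log lines are constructed for the example, the field layout is an assumption modelled loosely on IIS W3C logging, and the permissive decoder is a model of the behaviour, not a copy of the IIS decoder.

```python
"""Added example (not IIS or Retina code): spot Unicode/overlong-UTF-8
directory traversal in request paths, distinguishing it from plain ../
traversal that a pre-decode check already catches."""
import re
from urllib.parse import unquote_to_bytes

# Constructed log lines, laid out loosely like IIS W3C logging:
# date time client-ip method uri-stem uri-query status
LOG_LINES = """\
2001-09-18 14:22:01 192.0.2.10 GET /default.htm - 200
2001-09-18 14:22:03 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
2001-09-18 14:22:04 192.0.2.10 GET /msadc/..%c1%1c../..%c1%1c../winnt/system32/cmd.exe /c+dir 200
2001-09-18 14:22:05 192.0.2.10 GET /scripts/../../winnt/system32/cmd.exe /c+dir 404
""".splitlines()

SEGMENT_SPLIT = re.compile(r"[\\/]+")


def lenient_decode(raw: bytes) -> str:
    """Model of a permissive decoder: a 0xC0/0xC1 lead byte plus any following
    byte is decoded as a two-byte sequence, so C0 AF -> '/', C1 9C -> '\\'
    and even C1 1C (second byte not a continuation byte) -> '\\'.
    Other non-ASCII bytes are replaced; they do not matter for this check."""
    out = []
    i = 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        elif b < 0x80:
            out.append(chr(b))
            i += 1
        else:
            out.append("\ufffd")
            i += 1
    return "".join(out)


def escapes_root(path: str) -> bool:
    """True if the path climbs above the directory it started in."""
    depth = 0
    for seg in SEGMENT_SPLIT.split(path):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def classify(uri_stem: str) -> str:
    """'plain-traversal' escapes the root even under strict decoding;
    'unicode-traversal' only escapes after the permissive decode."""
    raw = unquote_to_bytes(uri_stem)
    strict_view = raw.decode("utf-8", errors="replace")  # overlong forms become U+FFFD
    if escapes_root(strict_view):
        return "plain-traversal"
    if escapes_root(lenient_decode(raw)):
        return "unicode-traversal"
    return "clean"


def scan_log(lines) -> list:
    """Return (line number, classification) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        verdict = classify(fields[4])
        if verdict != "clean":
            hits.append((n, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(hit)
```

A check that canonicalizes after decoding (or rejects any 0xC0/0xC1 lead byte outright, since no valid UTF-8 begins with them) sees the same path the file system will see, which is the property the original IIS check lacked.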
| OpenSSH Kerberos Arbitrary Privilege Elevation |
Builds of OpenSSH 3.0p1 and earlier that include Kerberos authentication support are vulnerable to remote compromise through a buffer overflow in that Kerberos support. Fix:Upgrade to the most recent version of OpenSSH to eliminate this and other vulnerabilities discovered in the past. |
|
| SSH Communications Security Short Password Login Vulnerability |
Due to an input validation problem in SSH Communications Security SSH2 3.0 servers, remote users may be able to log in to accounts whose password field in the system password file is two or fewer characters long, which is typical of locked or disabled accounts. Fix:Upgrade to the most recent version of the SSH Communications Security SSH server to eliminate this and other vulnerabilities discovered in the past. |
CVE-2001-0553
|
| Van Dyke Technologies VShell Buffer Overflow Vulnerability |
Due to a flaw in username validation within VShell, a remote user can exploit a buffer overflow and execute arbitrary code with SYSTEM privileges. Fix:Upgrade to the most recent version of VShell to eliminate this and other vulnerabilities discovered in the past. |
CVE-2001-0155
|
| OpenSSH Private Key Authentication Check Vulnerability |
OpenSSH 2.3.1 servers compiled between January 18, 2001 and February 8, 2001 were built without a crucial check in the code that handles passwordless, key-based access. If your server is configured to allow only key-based access, an attacker can gain remote access to the OpenSSH 2.3.1 server without possessing the matching private key. Fix:Upgrade your OpenSSH server to the most recent version to eliminate this and other vulnerabilities. |
|
| SSH Secure-RPC Weak Encrypted Authentication Vulnerability |
A vulnerability in SSH Communications Security SSH could allow, under certain conditions, the discovery of the secret key used to encrypt traffic on the local host. Fix:Upgrade to the most recent version of SSH Communications Security SSH to eliminate this and other vulnerabilities discovered in the past. |
CVE-2001-0259
|
| OpenSSH Client Unauthorized Remote Forwarding |
The OpenSSH client does not sufficiently check for the ssh-agent and X11 forwarding options after an SSH session has been negotiated. This allows the server to gain access to either of these two resources on the client side. This could result in a malicious server gaining access to the X11 display and remotely watching the desktop and keystrokes. Fix:Upgrade to the most recent version of OpenSSH to eliminate this and other vulnerabilities discovered in the past. |
CVE-2000-1169
|
| SSH Client xauth Vulnerability |
A vulnerability in the default configuration of the SSH client could be used by a malicious server to read the xauth key from the user's .Xauthority file and use it to connect back to the client machine's X display, compromising the client. Fix:Upgrade to the most recent version of SSH to eliminate this and other vulnerabilities discovered in the past. |
CVE-2000-0217
|
| SSHD RSAREF Buffer Overflow Vulnerability |
A buffer overflow in the RSAREF cryptographic library can be exploited to gain remote root access to any vulnerable SSH server that has linked in the RSAREF2 library. Fix:Upgrade to the most recent version of SSH to eliminate this and other vulnerabilities discovered in the past. |
CVE-1999-0834
|
| SQL Server Unchecked Buffer in MDAC Function |
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases, including the underlying support for the T-SQL OpenRowSet command. The MDAC functions underlying OpenRowSet contain an unchecked buffer. An attacker who submits a database query containing a specially malformed parameter in a call to OpenRowSet can overrun the buffer, either to crash the SQL Server or to make the SQL Server service take actions dictated by the attacker. Fix:Install Service Pack 2 for SQL Server 2000 from Microsoft. |
CVE-2002-0695
|
| SQL 2000 Resolution Service Overflows (Sapphire Worm) |
There are three security vulnerabilities here. The first two are buffer overflows: by sending a carefully crafted packet to the SQL Server Resolution Service (UDP port 1434), an attacker can overwrite portions of memory (the heap in one case, the stack in the other), and overwriting it with carefully selected data allows the attacker to run arbitrary code. The third vulnerability is a remote DoS. Fix:Install Service Pack 3 for SQL Server 2000 from Microsoft. |
CVE-2002-0649
|
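The Resolution Service entry above is what the Sapphire/Slammer worm hit with a single UDP datagram. As an added example, not Microsoft's or Retina's code, here is a classifier for UDP 1434 payloads that flags the overflow pattern: a request type byte 0x04 (instance-name lookup) followed by an instance name far longer than any real one. The sample datagrams are constructed stand-ins (a 0x04 byte followed by filler of the worm's total payload length, not the worm's actual bytes), and the 32-byte name threshold is an assumption chosen well above legitimate instance-name lengths.

```python
"""Added example (not Microsoft or Retina code): classify SQL Server
Resolution Service (UDP 1434) datagrams and flag the overlong instance-name
request that triggers the stack overflow described above."""
SSRP_PORT = 1434
MAX_INSTANCE_NAME = 32          # assumption: real instance names are far shorter

# Constructed sample datagrams: (source, destination port, payload)
SAMPLE_DATAGRAMS = [
    ("192.0.2.7", SSRP_PORT, b"\x02"),                          # browse for instances
    ("192.0.2.8", SSRP_PORT, b"\x04MSSQLSERVER\x00"),           # look up one instance
    ("198.51.100.9", SSRP_PORT, b"\x04" + b"\x01" * 375),       # 376-byte stand-in for the worm packet
    ("192.0.2.10", 1433, b"\x12\x01\x00\x2f"),                  # TDS on 1433, not SSRP
]


def classify_ssrp(payload: bytes) -> str:
    """Name the request type and flag the overflow pattern."""
    if not payload:
        return "empty"
    kind = payload[0]
    if kind in (0x02, 0x03):        # instance enumeration requests are one byte
        return "enumerate" if len(payload) == 1 else "malformed-enumerate"
    if kind == 0x04:                # type 0x04: instance name follows, NUL-terminated
        name = payload[1:].split(b"\x00", 1)[0]
        if len(name) > MAX_INSTANCE_NAME:
            return "overlong-instance-name"
        return "instance-lookup"
    if kind == 0x0A:
        return "keepalive"
    return "other"


def suspicious(datagrams) -> list:
    """Return (source, verdict) for datagrams to port 1434 that look like
    overflow attempts; traffic to other ports is ignored."""
    hits = []
    for src, dport, payload in datagrams:
        if dport != SSRP_PORT:
            continue
        verdict = classify_ssrp(payload)
        if verdict in ("overlong-instance-name", "malformed-enumerate"):
            hits.append((src, verdict))
    return hits


if __name__ == "__main__":
    for hit in suspicious(SAMPLE_DATAGRAMS):
        print(hit)
```

Because the service answers on UDP, this classifier is equally useful as an egress check: a patched host should never emit an overlong 0x04 request, so seeing one leave a server is a strong indicator the server itself is infected.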
| SQL 2000 password encryption buffer overflow |
Microsoft SQL Server 2000 SP2 and earlier contains a buffer overflow vulnerability in the routine that encrypts SQL Server credentials. By invoking the procedure with specially-crafted long parameters, an attacker could execute malicious code in the context of the server. Fix:Install the latest SQL Server 2000 Service Pack. |
CVE-2002-0624
|
| SQL Server SQLXML Remote Overflow |
Microsoft SQL Server 2000 includes a feature called SQLXML that allows the server to handle SQL queries and responses via XML. IIS exposes XML over HTTP using the SQLXML HTTP components, one of which is an ISAPI extension. That extension does not properly bounds-check a field of the request, allowing remote arbitrary code execution. Fix:Install Service Pack 2 for SQL Server 2000 from Microsoft. |
|
| SQL 2000 multiple XP buffer overflows |
Microsoft SQL Server 2000 SP2 and earlier contains buffer overflow vulnerabilities in many of its extended stored procedures (XPs). By providing specially-crafted long arguments to any of these routines, an attacker can execute arbitrary code on the SQL server. Fix:Install the latest SQL Server 2000 Service Pack. |
CVE-2002-0154
|
| SQL 2000 OLE DB provider name buffer overflow |
Microsoft SQL Server 2000 SP2 and earlier is susceptible to a buffer overflow in the OpenDataSource and OpenRowset functions if a long provider name string is supplied. A remote attacker could exploit this vulnerability to cause the execution of malicious code. Fix:Install the latest SQL Server 2000 Service Pack. |
CVE-2002-0056
|
| SQL Server 7 Extended Procedure Overflow |
Microsoft SQL Server 7.0 and 2000 have an overflow in the extended stored procedure "xp_dirtree". This may allow a remote attacker to execute arbitrary code of their choosing. Fix:Install Service Pack 3 for SQL Server 7 from Microsoft. |
CVE-2002-0154
|
| SQL Server 7 Remote Data Source Overflow |
Microsoft SQL Server contains several buffer overflows in "functions that are associated with connecting to remote data sources through 'ad hoc names.'" These allow a remote attacker to run arbitrary code of their choice. Fix:Install Service Pack 3 for SQL Server 7 from Microsoft. |